Re: kernel module loading vs securelevel

[Steven Bellovin <smb%cs.columbia.edu@localhost>]

On Oct 18, 2010, at 8:51 03AM, Jean-Yves Migeon wrote:

> 
> On Sun, 17 Oct 2010 20:11:06 -0400, Thor Lancelot Simon 
> <tls%panix.com@localhost>
> wrote:
>> On Sun, Oct 17, 2010 at 04:04:59PM -0400, Matthew Mondor wrote:
>>> On Sat, 16 Oct 2010 13:58:19 -0400
>>> Thor Lancelot Simon <tls%panix.com@localhost> wrote:
>>> 
>>>>    2) Finish the asymmetric operation support in cryptodev and
>>>>       actually require modules to be signed.  This is basically a
>>>>       superset of #1 above that could get about as complicated as
>>>>       one wanted it to (ugh) but might be worthwhile if kept simple.
>>> 
>>> You seem to now agree with me that this could be a solution.  It
>>> indeed requires more work, but it also has advantages: not having to
>> 
>> Let me know when you've got the code ready for review.
> 
> *lurker mode off*
> IIRC, part of agc work with netpgp is to integrate signature verification
> within kernel.
> *lurker mode on*
> 
Signatures provide *authentication*; what is needed here is *authorization*.
> 


                --Steve Bellovin, http://www.cs.columbia.edu/~smb